Identity and authentication company Okta has revealed that it is dealing with another significant security incident after a hacker accessed its source code following a breach of its GitHub repositories. The company said in a statement that it had received notification from GitHub about “suspicious access” to its code repositories earlier this month, and that the hackers had used this access to copy code repositories related to Workforce Identity Cloud (WIC), its enterprise security solution. Okta added that there had been no unauthorized access to its service or customer data, and that products related to Auth0, which it acquired in 2021, were not impacted. Okta did not disclose how the hackers had gained access to its private repositories.
According to a confidential email notification sent by Okta internally and seen by BleepingComputer, GitHub notified the San Francisco-based company of suspicious activity in its code repositories in December 2022.
Okta’s internal email and public advisory say unknown threat actors copied some GitHub repositories containing source code, but clarify that no customer data or company infrastructure was impacted. The incident was reportedly limited to Okta Workforce Identity Cloud repositories.
Okta added that as soon as it learned of the possible suspicious access, it promptly placed temporary restrictions on access to its GitHub repositories and suspended all GitHub integrations with third-party applications.
This is not the first time that Okta has faced such a threat. Earlier this year, the company was targeted by the Lapsus$ extortion group, which gained access to the account of a customer support engineer at one of Okta’s third-party service providers, Sykes, and posted screenshots of Okta’s apps and systems. In August of this year, Okta faced another compromise when it was targeted by a hacking campaign that affected more than 100 organizations, including Twilio and DoorDash.